eCall mTAN:
practical example
Bedag Informatik AG
Access protection of important logins and interview with Marcus May, business area taxes at Bedag
Why did Bedag Informatik AG decide to establish a two-factor access security solution?
For the BE-Login project with the goal of implementing a cantonal e-government portal for the Cantonal Office for Information Technology and Organization (KAIO), a two-factor access security solution was mandatory. In this portal, citizens are offered cantonal services for which authentication of the user by means of user name and password is not sufficient. With the introduction of a two-factor access security solution in the portal, authentication security was brought up to date.
You have chosen to send the security codes via SMS. Why did you choose this “transport medium” and not another?
Almost all user groups (from young to old) own a mobile phone. Compared to, for example, a code card sent by post, it can be used directly as a second factor for access protection without waiting times. In addition, the user groups are familiar with the handling of SMS and do not need any further explanations as they would be required with other procedures (hardware tokens), for example. Another reason in favor of SMS is the lower price compared to the hardware token.
Did Bedag previously have another comparable security solution in place?
In addition to the mTAN procedure, BE-Login supports authentication with a code card. This code card contains codes for 100 predefined positions.
Which areas/accesses etc. are additionally protected with the two-factor authentication solution?
In the BE login, the area for mutating the profile data is protected. BE-Login provides the two-factor security to the integrated business applications as a service. One example of this is the specialist application of the tax administration, with which, among other things, the tax return can be completed online.
What are your requirements for an SMS gateway that is responsible for sending your authentication codes?
It must be possible to issue the orders for sending mTANs via a secure interface. The interface must be easy to implement. The mTAN must be delivered to the recipient very quickly, as the user waits in front of the screen for the mTAN to be entered. It must also be possible to send the mTAN to foreign recipients. The SMS gateway must be highly available.
Can you tell us the arguments that tipped the scales in favour of eCall?
The references of Dolphin Systems (since 1.10.2019 F24 Schweiz AG) have shown that it already works successfully with large customers and accordingly provides secure and highly available systems. Added to this is the good experience that Bedag Informatik AG’s data center operation has already had with Dolphin Systems (since 1.10.2019 F24 Schweiz AG). Last but not least, the good price from the extrapolation also decided against the other suppliers.
How satisfied are you with the cooperation with Dolphin Systems (since 1.10.2019 F24 Schweiz AG) regarding consulting, order processing and customer support?
The introduction phase of BE-Login was very uncomplicated when the test phase was extended due to the delay of the introduction. The contract with the productive options could be activated at a later date without any problems.
We would like to know what internal experiences you have had with the gateway in daily use? Would you recommend eCall to others and why?
There are no problems with the delivery of the mTANs today, so I can recommend the eCall SMS gateway without reservation.
Get to know our SMS gateway
You can test the Gateway with all functions and features free of charge at any time.
We are happy to provide you with additional information and look forward to advising and assisting you personally.
Your contact: [email protected] | +41 44 787 30 70